We are investigating various logging clients to send to our current log server. Splunk UF is one. We are in a long term position of getting splunk enterprise as a new logger, but prior to that, as an interim, were considering Splunk UF. The documentation seems to point to interoperability with third party loggers. Is there and licensing that needs to be purchased to use Splunk UF with a non-Splunk logger server, or is it free to download that that use?
You do lose all parsing functionality when forwarding to third-party systems. You can technically use Splunk Enterprise in a similar way--Splunk Universal Forwarder and Splunk Enterprise share the same codebase--but some functionality is disabled without a license.